Yahoo is under investigation for the grand scams that compromised millions of accounts. The Securities and Exchange Commission (SEC) is probing the two security breaches at Yahoo that it disclosed in the previous year.
The focus is on why the company did not inform its investors well in time when the scam came to the company’s knowledge. Why did they take two years to make the first breach public, and several months to reveal the other.
Technically, civil security laws require companies to share any such incidents to their investors.
The SEC has outlined comprehensive guidance on how and what to do when the cyber security of any company is compromised, however, generally, companies which experience such breaches do not report these details during regulatory proceedings, as reported by a 2012 Reuters investigation.
The Wall Street Journal reports that the investigation is centered on the first data breach that took, surprisingly, two years to bring the matter to the notice of the investors as well as of the global media. Reportedly, the investigation is still in the first phase that is trying to answer how and why questions.
It is to be noticed that the first security breach compromised at least 500 million users’ personal data. However, instead of going for immediate counter measures through prompt unveiling of the incident, Yahoo dumped the news for two years and revealed it in 2016. Moreover, it held state-sponsored hackers responsible for the incident in 2014.
Although media attempted to probe the issue, nothing meaningful came out of the administration’s clarifications that further ignited suspicions.
In mid-December 2016, Yahoo disclosed that more than 1 billion users’ accounts have been hacked by gaining access to private information. It put all the Yahoo’s cyber security measures to questions, and even threatened its market credibility. The personal information included names, email IDs, security questions and answers, and all other personal particulars.
Political administration too seemed interested in the matter as Democratic U.S. Senator Mark Warner urged the SEC to thoroughly probe whether the company and its officials have complied with the standing procedures to inform investors and the public.
Yet another problem is Yahoo’s deal with Verizon. This investigation posed various threats to the finalisation of the acquisition process, which values $1 billion. The buyer might go for reversal or a considerable discount in the price, media reports.
The Wall Street Journal reports that for a first time any federal agency has lodged and pursued a case against any company for not disclosing the cyber breach. Other agencies busy in this case include Federal Trade Commission, the U.S. Attorneys Office and some State Attorneys General.